Access control for content delivery services

ABSTRACT

Examples described herein relate to apparatuses and methods for associating a first account with a second account, the first account being hosted by a first server, the second account being hosted by a second server, including but not limited to, authenticating, by the first server, first login credentials associated with the first account, wherein the first login credentials are received from a user device, receiving, by the first server from the user device, second login credentials associated with the second account, sending, by the first server, the second login credentials to the second server for authentication, in response to determining that the second login credentials are authenticated by the second server, associating, by the first server, the first account with the second account, and connecting, by the first server to the second server, to allow the user device to access services commensurate with the second account without prompting the user device for the second login credentials.

BACKGROUND

Typically, a user who employs services performed by two differentservers maintains two different sets of login credentials for loggingonto to two different accounts, each hosted by one of the two servers.The servers may perform different functions and may provide differentbut related services. Illustrating with a non-limiting examplepertaining to content delivery services, a traffic managing server(e.g., a Level 3® Intelligent Traffic Manager) can perform a Domain NameServers (DNS)-based routing of wide-area traffic to publicly accessibleInternet Protocol (IP) applications, websites, or Content DeliveryNetworks (CDNs) based on policies configured by the user to optimizeperformance. A reporting server (e.g., a Level 3® Media portal) canprovide to the user reporting, monitoring, and management capabilitieswith respect to services provided by the traffic managing server. In thesituation in which the same user has already registered separateaccounts on both the servers, identifying the accounts as belonging tothe same entity and associating the accounts server-side can bedifficult.

BRIEF SUMMARY

Embodiments are provided for associating a first account with a secondaccount. The first account may be hosted by a first server and thesecond account may be hosted by a second server. In accordance with oneaspect, a method includes authenticating, by the first server, firstlogin credentials associated with the first account, wherein the firstlogin credentials are received from a user device, receiving, by thefirst server from the user device, second login credentials associatedwith the second account, sending, by the first server, the second logincredentials to the second server for authentication, in response todetermining that the second login credentials are authenticated by thesecond server, associating, by the first server, the first account withthe second account, and connecting, by the first server to the secondserver, to allow the user device to access services commensurate withthe second account without prompting the user device for the secondlogin credentials.

The method may further include receiving, by the first server from theuser device, the first login credentials, and receiving, by the firstserver from the user device, the second login credentials after thefirst login credentials are authenticated.

Embodiments further allow determining that the second login credentialsare authenticated by the second server by receiving an authenticationsuccess message from the second server. The second login credentials mayinclude an account identifier that identifies the second account.Associating the first account with the second account can includestoring the account identifier, and storing mapping information thatmaps the first account to the account identifier.

In some arrangements, the account identifier is at least one of ausername, an account name, or an account number.

The method may include connecting to allow the user device to accessservices commensurate with the second account without prompting the userdevice for the second login credentials includes sending, by the firstserver to the second server, an authentication request, wherein theauthentication request includes the account identifier andadministrative credentials associated with the first server.

The second login credentials may include an account identifier and apassword corresponding to the account identifier, and in response toassociating the first account with the second account, the first serverdeletes the password.

The method permits connecting to allow the user device to accessservices commensurate with the second account without prompting the userdevice for the second login credentials includes requesting, by thefirst server to the second server, services commensurate with the secondaccount on behalf of the user device.

Services commensurate with the first account may include analyticservices for the services commensurate with the second account. Theservices commensurate with the first account may be different from theservices commensurate with the second account.

The services commensurate with the second account may include contentdelivery network (CDN) services for a user of the user device. Theservices commensurate with the first account may include analytics forthe user of the user device, wherein the analytics pertain to the CDNservices.

In accordance with one aspect, a first server for associating a firstaccount with a second account is provided. Embodiments allow the firstaccount to be hosted by the first server and the second account to behosted by a second server, wherein the first server includes a networkdevice, a memory, and a processor configured to authenticate first logincredentials associated with the first account, wherein the first logincredentials are received from a user device, receive from the userdevice second login credentials associated with the second account, sendthe second login credentials to the second server for authentication, inresponse to determining that the second login credentials areauthenticated by the second server, associate the first account with thesecond account, and connect to the second server to allow the userdevice to access services commensurate with the second account withoutprompting the user device for the second login credentials.

In accordance with another aspect, a non-transitory computer-readablemedium is provided that includes computer-readable instructions suchthat, when executed, cause a processor of a first server to authenticatefirst login credentials associated with a first account, wherein thefirst login credentials are received from a user device, receive fromthe user device second login credentials associated with a secondaccount, send the second login credentials to a second server forauthentication, in response to determining that the second logincredentials are authenticated by the second server, associate the firstaccount with the second account, and connect to the second server toallow the user device to access services commensurate with the secondaccount without prompting the user device for the second logincredentials.

In yet another aspect, a method is provided for associating a firstaccount with a second account, the first account being hosted by a firstserver, the second account being hosted by a second server, the methodincludes receiving, by the second server, an authentication request fromthe first server relative to second login credentials associated withthe second account, authenticating, by the second server, the secondlogin credentials, flagging, by the second server, the second account,and authorizing access, by the second server, to the second account inresponse to receiving an account identifier identifying the secondaccount and administrator's credentials associated with the firstserver.

The method may further includes receiving, by the second server, asecond authentication request from a device other than the first serverto access the second account after the second account has been flagged;and denying the second authentication request.

The method may further includes receiving, by the second server, anauthentication request from a user device after flagging the secondaccount, wherein the authentication request includes the second logincredentials, and denying the authentication request.

The access to the second account may be authorized to a user device toallow the user device to access services commensurate with the secondaccount. Authorizing access to the second account can includedetermining that the second account is flagged.

Services commensurate with the second account may include CDN servicesfor a user of the user device.

In accordance with another aspect, a second server is provided forassociating a first account with a second account, the first accountbeing hosted by a first server, the second account being hosted by thesecond server, the second server includes a network device, a memory,and a processor configured to receive an authentication request from thefirst server relative to second login credentials associated with thesecond account, authenticate the second login credentials, flag thesecond account, and authorize access to the second account in responseto receiving an account identifier identifying the second account andadministrator's credentials associated with the first server.

In accordance with yet another aspect, a non-transitorycomputer-readable medium is provided that includes computer-readableinstructions for associating a first account with a second account, thefirst account being hosted by a first server, the second account beinghosted by a second server, when executed, cause a processor of thesecond server to receive an authentication request from the first serverrelative to second login credentials associated with the second account,authenticate the second login credentials, flag the second account, andauthorize access to the second account in response to receiving anaccount identifier identifying the second account and administrator'scredentials associated with the first server.

Other embodiments are directed to systems, devices, and computerreadable media associated with methods described herein.

These and other features, together with the organization and manner ofoperation thereof, will become apparent from the following detaileddescription when taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram of an example of a system for associating a firstaccount (hosted by a first server) with a second account (hosted by asecond server) according to embodiments of the present disclosure.

FIG. 2 is a diagram that illustrates associating a first account withone or more second accounts according to embodiments of the presentdisclosure.

FIG. 3A is a flow diagram illustrating a method for the first server(FIG. 1 ) to associate a first account hosted by the first server and asecond account hosted by the second server (FIG. 1 ) according toembodiments of the present disclosure.

FIG. 3B is a flow diagram illustrating a method for the first server(FIG. 1 ) to log in a second account hosted by the second server (FIG. 1) according to embodiments of the present disclosure.

FIG. 3C is a flow diagram illustrating a method for the first server 120(FIG. 1 ) to associate a first account hosted by the first server 120and a second account hosted by the second server 130 (FIG. 1 ) accordingto embodiments of the present disclosure.

FIG. 4A is a flow diagram illustrating a method for the second server130 (FIG. 1 ) to associate a first account hosted by the first server120 and a second account hosted by the second server 130 (FIG. 1 )according to embodiments of the present disclosure.

FIG. 4B is a flow diagram illustrating a method for the second server(FIG. 1 ) to facilitate the first server (FIG. 1 ) to log in a secondaccount hosted by the second server according to embodiments of thepresent disclosure.

FIG. 4C is a flow diagram illustrating a method for the second server130 (FIG. 1 ) to associate a first account hosted by the first server120 and a second account hosted by the second server 130 (FIG. 1 )according to embodiments of the present disclosure.

FIGS. 5A and 5B are interface display diagrams illustrating interactiveinterfaces for receiving user input in connection with registering asecond account hosted by the second server (FIG. 1 ) according toembodiments of the present disclosure.

FIG. 5C is an interface display diagram illustrating an interactiveinterface for receiving user selection to connect to the second server(FIG. 1 ) to access services commensurate with a second account hostedby the second server (FIG. 1 ) according to embodiments of the presentdisclosure.

DETAILED DESCRIPTION

Arrangements described herein relate to systems, apparatuses, andmethods for associating a first account managed by a first server with asecond account managed by a second server, to provide a single sign-onscheme for accessing services provided by both the first server and thesecond server. The services provided by the first server arecommensurate with the scope of access defined by the first account. Theservices provided by the second server are commensurate with the scopeof access defined by the second account. Arrangements described hereinallow a user to access the services provided by both the first serverand the second server by inputting login credentials (e.g., a username,password, biometrics, and the like) for the first account, instead ofusing separate sets of login credentials for the first server and thesecond server. As such, the user who has already registered accountswith both the first server and the second server needs to only maintainone set of login credentials (e.g., the login credentials for the firstaccount) to access services commensurate with both the first account andthe second account. A single-login system is thusly provided.

FIG. 1 is a diagram of an example of a system 100 for associating afirst account (hosted by a first server 120) with a second account(hosted by a second server 130) according to some arrangements.Referring to FIG. 1 , a user 101 is an entity that employs or otherwisebenefits from services provided by both the first server 120 and thesecond server 130. In particular, the user 101 has registered the firstaccount with the first server 120 and the second account with the secondserver 130. In other words, the user 101 is the account holder of thefirst account and the second account. The user 101 maintains a set oflogin credentials (referred to herein as first login credentials) toaccess the first account. The first server 120 provides services to theuser 101 commensurate with a scope defined by the first account. Theuser 101 maintains a separate set of login credentials (referred toherein as second login credentials) to access the second account. Thesecond server 130 provides services to the user 101 commensurate with ascope defined by the second account. The user 101 can be any entity suchas but not limited to, an individual, a plurality of individuals, acompany, and the like.

A network 105 is structured to permit the exchange of data, values,instructions, messages, and the like among a user device 110, the firstserver 120, and the second server 130. The network 105 can be anysuitable Local Area Network (LAN) or Wide Area Network (WAN). Forexample, the network 105 can be supported by Frequency Division MultipleAccess (FDMA), Time Division Multiple Access (TDMA), Synchronous OpticalNetwork (SONET), Dense Wavelength Division Multiplexing (DWDM), OpticalTransport Network (OTN), Code Division Multiple Access (CDMA)(particularly, Evolution-Data Optimized (EVDO)), Universal MobileTelecommunications Systems (UMTS) (particularly, Time DivisionSynchronous CDMA (TD-SCDMA or TDS) Wideband Code Division MultipleAccess (WCDMA), Long Term Evolution (LTE), evolved Multimedia BroadcastMulticast Services (eMBMS), High-Speed Downlink Packet Access (HSDPA),and the like), Universal Terrestrial Radio Access (UTRA), Global Systemfor Mobile Communications (GSM), Code Division Multiple Access 1× RadioTransmission Technology (1×), General Packet Radio Service (GPRS),Personal Communications Service (PCS), 802.11X, ZigBee, Bluetooth,Wi-Fi, any suitable wired network, combination thereof, and/or the like.

As shown, the user 101 operates or is associated with the user device110. In some arrangements, the user device 110 includes at least aprocessing circuit 111, a network device 116, and a user interface 118.In some arrangements, the user device 110 is a desktop computer,mainframe computer, laptop computer, pad device, smart phone device orthe like, configured with hardware and software to perform operationsdescribed herein. For example, the user device 110 can be a typicaldesktop PC or Apple™ computer device, having suitable processingcapabilities, memory, user interface (e.g., display and input)capabilities, and communication capabilities, when configured withsuitable application software (or other software) to perform operationsdescribed herein. Thus, particular arrangements are implemented, usingprocessor devices that are often already present in many business andorganization environments, by configuring such devices with suitablesoftware processes described herein. Accordingly, such arrangements canbe implemented with minimal additional hardware costs. However, otherarrangements of the user device 110 include to dedicated device hardwarespecifically configured for performing operations described herein.

The processing circuit 111 has a processor 112 and memory 114. Theprocessor 112 is implemented with a general-purpose processor, anApplication Specific Integrated Circuit (ASIC), one or more FieldProgrammable Gate Arrays (FPGAs), a Digital Signal Processor (DSP), agroup of processing components, or other suitable electronic processingcomponents. The memory 114 is implemented with a Random Access Memory(RAM), Read-Only Memory (ROM), Non-Volatile RAM (NVRAM), flash memory,hard disk storage, or other suitable data storage units. The memory 114stores data and/or computer code for facilitating the various processesexecuted by the processor 112. Moreover, the memory 114 is or includestangible, non-transient volatile memory or non-volatile memory.Accordingly, the memory 114 includes database components, object codecomponents, script components, or any other type of informationstructure for supporting the various activities and informationstructures described herein.

The network interface 116 is configured for and structured to establishcommunication with one or more of the first server 120 and the secondserver 130 via the network 105. The network interface 116 includeshardware and software for achieving such. In some implementations, thenetwork interface 116 includes a cellular transceiver (configured forcellular standards), a local wireless network transceiver (for 802.11X,ZigBee, Bluetooth, Wi-Fi, or the like), a wired network interface, acombination thereof (e.g., both a cellular transceiver and a Bluetoothtransceiver), and/or the like.

The user interface 118 is configured to receive user input from andprovide information to the user 101. In this regard, the user interface118 is structured to exchange data, communications, instructions, etc.with an input/output component of the user device 110. Accordingly, insome arrangements, the user interface 118 includes an input/outputdevice such as but not limited to, a display device, touchscreen,keyboard, microphone, and/or the like. In some arrangements, the userinterface 118 includes communication circuitry for facilitating theexchange of data, values, messages, and the like between theinput/output device and the components of the user device 110. In somearrangements, the user interface 118 includes machine-readable media forfacilitating the exchange of information between the input/output deviceand the components of the user device 110. In some arrangements, theuser interface 118 includes any combination of hardware components(e.g., a touchscreen), communication circuitry, and machine-readablemedia.

In some arrangements, the first server 120 includes at least aprocessing circuit 121, a network device 126, and a first accountdatabase 128. In some arrangements, the first server 120 is a suitableprocessor device configured with hardware and software to performoperations described herein. Particular arrangements can be implemented,using processor devices that are often already present in many businessand organization environments, by configuring such devices with suitablesoftware processes. Accordingly, such arrangements can be implementedwith minimal additional hardware costs. However, other arrangements ofthe first server 120 include dedicated device hardware specificallyconfigured for performing operations described herein.

The processing circuit 121 includes a processor 122 and memory 124. Theprocessor 122 is implemented with a general-purpose processor, an ASIC,one or more FPGAs, a DSP, a group of processing components, or othersuitable electronic processing components. The memory 124 is implementedwith a RAM, ROM, NVRAM, flash memory, hard disk storage, or othersuitable data storage units. The memory 124 stores data and/or computercodes for facilitating the various processes executed by the processor122. Moreover, the memory 124 is or includes tangible, non-transientvolatile memory or non-volatile memory. Accordingly, the memory 124includes database components, object code components, script components,or any other type of information structure for supporting the variousactivities and information structures described herein.

The network interface 126 is configured for and structured to establishcommunication with the user device 110 and the second server 130 via thenetwork 105. The network interface 126 includes hardware and softwarefor achieving such. In some implementations, the network interface 126includes a cellular transceiver (configured for cellular standards), alocal wireless network transceiver (for 802.11X, ZigBee, Bluetooth,Wi-Fi, or the like), a wired network interface, a combination thereof(e.g., both a cellular transceiver and a Bluetooth transceiver), and/orthe like.

The first account database 128 is a memory device having data structuresimplemented to organize and store account information of users who usethe services provided by the first server 120. The first accountdatabase 128 stores at least the first login credentials of the user 101for authenticating the user 101. Additionally, the first accountdatabase 128 can store account information relative to the first accountof the user 101, including a scope of service commensurate with thefirst account and the first login credentials of the user 101.

In some arrangements, the second server 130 includes at least aprocessing circuit 131, a network device 136, and a second accountdatabase 138. In some arrangements, the second server 130 is a suitableprocessor device configured with hardware and software to performoperations described herein. Particular arrangements can be implemented,using processor devices that are often already present in many businessand organization environments, by configuring such devices with suitablesoftware processes. Accordingly, such arrangements can be implementedwith minimal additional hardware costs. However, other arrangements ofthe second server 130 include dedicated device hardware specificallyconfigured for performing operations described herein.

The processing circuit 131 includes a processor 132 and memory 134. Theprocessor 132 is implemented with a general-purpose processor, an ASIC,one or more FPGAs, a DSP, a group of processing components, or othersuitable electronic processing components. The memory 134 is implementedwith a RAM, ROM, NVRAM, flash memory, hard disk storage, or othersuitable data storage units. The memory 134 stores data and/or computercodes for facilitating the various processes executed by the processor132. Moreover, the memory 134 is or includes tangible, non-transientvolatile memory or non-volatile memory. Accordingly, the memory 134includes database components, object code components, script components,or any other type of information structure for supporting the variousactivities and information structures described herein.

The network interface 136 is configured for and structured to establishcommunication with the user device 110 and the first server 120 via thenetwork 105. The network interface 136 includes hardware and softwarefor achieving such. In some implementations, the network interface 136includes a cellular transceiver (configured for cellular standards), alocal wireless network transceiver (for 802.11X, ZigBee, Bluetooth,Wi-Fi, or the like), a wired network interface, a combination thereof(e.g., both a cellular transceiver and a Bluetooth transceiver), and/orthe like.

The second account database 138 is a memory device having datastructures implemented to organize and store account information ofusers who use the services provided by the second server 130. The secondaccount database 138 stores at least the second login credentials of theuser 101 for authenticating the user 101. Additional, the second accountdatabase 138 can store account information relative to the secondaccount of the user 101, including a scope of service commensurate withthe second account and the second login credentials of the user 101.

In some arrangements, the first server 120 and the second server 130provide different but related services to the user 101. Illustratingwith a non-limiting example pertaining to content delivery services, thesecond server 130 can be a traffic managing server (e.g., a Level 3®Intelligent Traffic Manager) that can perform a Domain Name Servers(DNS)-based routing of wide-area traffic to publicly accessible InternetProtocol (IP) applications, websites, or Content Delivery Networks(CDNs) based on policies configured by the user 101 to optimizeperformance. In other words, the services commensurate with the secondaccount and the second login credentials include CDN services and/orInternet Service Provider (ISP) services for the user 101. Before theassociation disclosed herein, the user 101 can log into the secondaccount using the second login credentials (via the user interface 118of the user device 110) by communicating with the second server 130directly and set/modify policies (via the user interface 118 of the userdevice 110) to configure the services commensurate with the secondaccount. In some arrangements, the second server 130 is a remote serverthat is relatively remote to the user device 110.

The first server 120 is a reporting server (e.g., a Level 3® Mediaportal) that can provide to the user 101 reporting, monitoring, andmanagement capabilities with respect to the services provided by thesecond server 130. In other words, the services commensurate with thefirst account and the first account login credentials include analyticservices pertaining to the services commensurate with the second accountand the second login credentials. The user 101 can log into the firstaccount using the first login credentials (via the user interface 118 ofthe user device 110) by communicating with the first server 120 directlyand review and monitor (via the user interface 118 of the user device110) the analytic reports related to the services commensurate with thesecond account. In some arrangements, the first server 120 is a localserver that is relatively local to the user device 110. That is, thefirst server 120 is closer to the user device 110 geographically thanthe second server 130 is to the user device 110.

While one first server 120 is shown, one of ordinary skill in the artcan appreciate that multiples servers (each of which can be a serversuch as but not limited to, the first server 120) can form a network ofservers (e.g., a reporting server network) to serve the user 101 and/orother users, for example, based on geographical locations, trafficbalancing, availability, and the like. Similarly, while one secondserver 130 is shown, one of ordinary skill in the art can appreciatethat multiples servers (each of which can be a server such as but notlimited to, the second server 130) can form a network of servers (e.g.,a traffic managing server network) to serve the user 101 and/or otherusers, for example, based on geographical locations, traffic balancing,availability, and the like.

FIG. 2 is a diagram that illustrates associating a first account (e.g.,a first account A 210 a) with one or more second accounts (e.g., asecond account A 220 a and a second account B 220 b) according to somearrangements. Referring to FIGS. 1-2 , the first account database 128 ofthe first server 120 stores information relative to the first account A210 a, a first account B 210 b, . . . , a first account N 210 n. Each ofthe accounts 210 a-210 n is associated with a user. For example, thefirst account A 210 a is associated with the user 101. The informationrelative to the first account A 210 a includes first login credentials A212 a and first account information A 214 a. Response to determiningthat the first login credentials received via the network 105 from theuser device 110 is the same as the first login credentials A 212 a, theuser device 110 is authenticated. The first account information A 214 aincludes information concerning the scope of service commensurate withthe first account A 210 a. The information relative to other firstaccounts (e.g., the first account B 210 b, . . . , and the first accountN 210 n) may include credentials (e.g., first login credentials B 212 b,. . . , and first login credentials N 212 n) and information (e.g.,first account information B 214 b, . . . , and first account informationN 214 n) associated with other users.

The second account database 138 of the second server 130 storesinformation relative to the second account A 220 a, the second account B220 b, . . . , a second account N 220 n. Each of the accounts 220 a-220n is associated with a user. For example, the second account A 220 a andthe second account B 220 b are associated with the user 101. Theinformation relative to the second account A 220 a includes second logincredentials A 222 a and second account information A 224 a. The secondlogin credentials A 222 a are used for authenticating the user device110. The second account information A 224 a includes informationconcerning the scope of service commensurate with the second account A220 a. Illustrating with a non-limiting example, the second accountinformation A 224 a includes policy information set by the user 101,where the policy information configures the CDN services. Theinformation relative to the second account B 220 b includes second logincredentials B 222 b and second account information B 224 b. The secondlogin credentials B 222 b are used for authenticating the user device110. The second account information B 224 b includes informationconcerning the scope of service commensurate with the second account B220 b. Illustrating with a non-limiting example, the second accountinformation B 224 b includes policy information set by the user 101,where the policy information configures the CDN services.

In some arrangements, the scope of services commensurate with the secondaccount A 220 a and the scope services commensurate with the secondaccount B 220 b are separate and do not overlap. Illustrating with anon-limiting example in that regard, the scope of services commensuratewith the second account A 220 a (e.g., the second account information A224 a) corresponds to providing CDN services for customers of the user101 located in a first geographical area. The scope of servicescommensurate with the second account B 220 b (e.g., the second accountinformation B 224 b) corresponds to providing CDN services for customersof the user 101 located in a second geographical area separate from thefirst geographical area. Illustrating with another non-limiting examplein that regard, the scope of services commensurate with the secondaccount A 220 a (e.g., the second account information A 224 a) maycorrespond to providing CDN services for a first content source of theuser 101. The scope of services commensurate with the second account B220 b (e.g., the second account information B 224 b) may correspond toproviding CDN services for a second content source of the user 101,where the first and second content sources are different. Theinformation relative to other second accounts (e.g., the second accountN 220 n) may include credentials (e.g., second login credentials N 222n) and information (e.g., second account information N 224 n) associatedwith another user.

The first server 120 and the second server 130 can associate a firstaccount (e.g., the first account A 210 a) with one or more secondaccounts (e.g., the second account A 220 a and the second account B 220b). While the arrangements described with respect to FIGS. 3A-4C relateto associating the first account A 210 a with one second account (e.g.,the second account A 220 a), one of ordinary skill in the art canappreciate that at least one other second account (e.g., the secondaccount B 220 b) can be associated with the first account A 210 a in asimilar manner.

FIG. 3A is a flow diagram illustrating a method 300 a for the firstserver 120 (FIG. 1 ) to associate a first account (e.g., the firstaccount A 210 a of FIG. 2 ) hosted by the first server 120 and a secondaccount (e.g., the second account A 220 a of FIG. 2 ) hosted by thesecond server 130 (FIG. 1 ) according to some arrangements. Referring toFIGS. 1-3A, the method 300 a allows the user device 110 to register thesecond account A 220 a with the first server 120 such that the firstserver 120 has knowledge of the relationship between the first account A210 a and the second account A 220 a.

At 310 a, the first server 120 receives first login credentialsassociated with the first account A 210 a from the user device 110. Inparticular, the first server 120 provides a web-based interface or aweb-based application accessible by the network device 116 of the userdevice 110. Illustrating with a non-limiting example, the web-basedinterface or the web-based application includes a login page or a loginwindow displayed to the user 101 via an output component of the userinterface 118. The user 101 can input the first login credentials (e.g.,a username, a password, biometrics, a combination thereof, or the like)using the web-based interface or the web-based application, via an inputcomponent of the user interface 118. The user device 110 sends the firstlogin credentials to the first server 120 via the network 105.

At 320 a, the first server 120 determines whether the first logincredentials are authenticated. For example, the processing circuit 121compares the first login credentials received from the user device 110to the login credentials 212 a-212 n stored in the first accountdatabase 128 to determine whether a match exists. Responsive todetermining that the first login credentials received from the userdevice 110 are not authenticated (320 a:NO), the first server 120 deniesthe user device 110 access at 330 a. For example, the first server 120may send an access denied message to the user device 110 to be displayedto the user 101. Thereafter, the first server 120 may receive additionalattempts of authentication at block 310 a.

On the other hand, after determining that the first login credentialsreceived from the user device 110 are authenticated (320 a:YES), thefirst server 120 receives from the user device 110 second logincredentials associated with the second account A 220 a that is hosted bythe second server 130. In some examples, the second login credentialscan include an account identifier that identifies the second account A220 a. The account identifier may be a username, an account name, anaccount number, a combination thereof, or the like.

In some arrangements, the first server 120 provides a web-basedinterface or a web-based application accessible by the network device116 of the user device 110 to receive user input corresponding to thesecond login credentials. Illustrating with a non-limiting example, theweb-based interface or the web-based application includes a page or awindow displayed to the user 101 via an output device of the userinterface 118. The user 101 can input the second login credentials(e.g., a username, a password, biometrics, a combination thereof, or thelike) using the web-based interface or the web-based application, via aninput component of the user interface 118. The user device 110 sends thesecond login credentials to the first server 120 via the network 105.

FIGS. 5A and 5B illustrate non-limiting examples of a page displayed onthe user device 110 for receiving user input corresponding to the secondlogin credentials. FIGS. 5A and 5B are interface display diagramsillustrating interactive interfaces 500 a and 500 b, respectively, forreceiving user input in connection with registering a second account(e.g., the second account A 220 a of FIG. 2 ) hosted by the secondserver 130 (FIG. 1 ) with the first server 120 according to somearrangements. Referring to FIGS. 1-3A, 5A, and 5B, the interactiveinterfaces 500 a and 500 b are provided by the first server 120 to bedisplayed by an output component of the user interface 118. Each of theinteractive interfaces 500 a and 500 b displays the first accountinformation A 214 a, which corresponds to the services commensurate withthe first account A 210 a. Illustrating with a non-limiting example, thefirst account information A 214 a includes an analytic diagram 510 a. Insome instances, the analytic diagram 510 a may be plotted using data(e.g., the second account information A 224 a) associated with servicescommensurate with the second account A 220 a.

The interactive interface 500 a further includes a user interactiveelement 520 a corresponding to initiating registration of at least oneaccount (e.g., the second account A 220 a) stored in the second accountdatabase 138. In the scenario in which two or more second servers (eachof which is a sever such as but not limited to, the second server 130)store different accounts, the interactive interface 500 a can display aserver selection window (not shown) to allow the user 101 to select anappropriate second server on which the second account A 220 a is hosted.

Responsive to the user 101 selecting the user interactive element 520 a,a window 510 b may be displayed to receive the user input relative tothe second login credentials. The window 510 b may include a first field520 b for receiving a username and a second field 530 b for receiving apassword. Other manners for receiving user input corresponding to thesecond login credentials (e.g., using biometric sensors) can beimplemented.

At 350 a, the first server 120 determines whether the second logincredentials received from the user device 110 is authenticated by thesecond server 130. In some arrangements, responsive to receiving thesecond login credentials from the user device 110, the first server 120sends the second login credentials to the second server 130 to beauthenticated by the second server 130. The processing circuit 131compares the second login credentials received from the first server 120to the login credentials 222 a-222 n stored in the second accountdatabase 138 to determine whether a match exists. If a match exists, thefirst server 120 receives an authentication success message from thesecond server 130. On the other hand, if a match does not exist, thefirst server 120 receives an authentication failure message from thesecond server 130.

Responsive to determining that the second login credentials are notauthenticated (350 a:NO), the first server 120 sends an authenticationfailure message to the user device 110 at 360 a. On the other hand,responsive to determining that the second login credentials areauthenticated (350 a:YES), the first server 120 associates the firstaccount A 210 a with the second account A 220 a. In some arrangements,associating the first account A 210 with the second account A 220 aincludes storing the account identifier of the authenticated secondlogin credentials in the first account database 128. In somearrangements, associating the first account A 210 with the secondaccount A 220 a further includes storing mapping information that mapsthe first account A 210 a to the account identifier in the first accountdatabase 128. In particular, the first account database 128 may storethe account identifier that identifies the second account A 220 atogether with the first login credentials A 212 a and the first accountinformation A 214 a. Accordingly, the first account A 210 a is flaggedto indicate that an account (e.g., the second account A 220 a) from thesecond account database 138 is associated with the first account A 210a.

At 380 a, the first server 120 may delete a portion of the second logincredentials receive from the user device 110. In some examples, theportion of the second login credentials deleted is a password orbiometric information. In some examples, all of the second logincredentials received from the user device 110 is deleted with theexception of the account identifier. Such portion of the second logincredentials is not stored because subsequent communication with thesecond server 130 related to the second account A 220 a is to beexecuted using administrative credentials associated with the firstsever 120. Such mechanism improve account security.

FIG. 3B is a flow diagram illustrating a method 300 b for the firstserver 120 (FIG. 1 ) to log in a second account (e.g., the secondaccount A 220 a of FIG. 2 ) hosted by the second server 130 (FIG. 1 )according to some arrangements. Referring to FIGS. 1-3B, afterassociating the first account A 210 a and the second account A 220 a,the user 101 can log into the second account A 220 a indirectly throughthe first server 120 instead of directly through the second server 130.

At 310 b, the first server 120 receives first login credentialsassociated with the first account A 210 a from the user device 110, in amanner similar to described with respect to 310 a. At 320 a, the firstserver 120 determines whether the first login credentials received fromthe user device are authenticated, in a manner similar to described withrespect to 320 a. Responsive to determining that the first logincredentials received from the user device 110 are not authenticated (320b:NO), the first server 120 denies the user device 110 access at 330 b,in a manner similar to described with respect to 330 a.

On the other hand, after determining that the first login credentialsreceived from the user device are authenticated (320 b:YES), the firstserver 120 receives user selection to connect to the second server 130to access services commensurate with the second account A 220 a. Inparticular, the first server 120 provides a web-based interface or aweb-based application accessible by the network device 116 of the userdevice 110 for receiving the user selection.

FIG. 5C illustrates a non-limiting example of a page displayed on theuser device 110 for receiving user selection corresponding to connectingto the second server 130 to access the services commensurate with thesecond account A 220 a. FIG. 5C is an interface display diagramillustrating an interactive interface 500 c for receiving user selectionto connect to the second server 130 (FIG. 1 ) to access servicescommensurate with a second account (e.g., the second account A 220 a ofFIG. 2 ) hosted by the second server 130 (FIG. 1 ) according to somearrangements.

Referring to FIGS. 1-3B and 5A-5C, the interactive interface 500 c isprovided by the first server 120 to be displayed by an output componentof the user interface 118. The interactive interface 500 c displays thefirst account information A 214 a, which corresponds to the servicescommensurate with the first account A 210 a. Illustrating with anon-limiting example, the first account information A 214 a comprise theanalytic diagram 510 a. In addition, the interactive interface 500 cdisplays user interactive elements 510 c and 520 c for connecting to thesecond server 130. The user interactive element 510 c corresponds toconnecting to the second server 130 for accessing services commensuratewith the second account A 220 a. The user interactive element 520 ccorresponds to connecting to the second server 130 for accessingservices commensurate with the second account B 220 b, which may beregistered by the first server 120 in a manner similar to described withrespect to the second account A 220 a. In particular, an accountidentifier identifying the second account B 220 b is also stored andmapped to the first account A 210 a. On the other hand, in the eventthat only one second account (e.g., only the second account A 220 a) isassociated with the first account A 210, selecting an user interactiveelement indicating connecting to the second server 130 (and not to anyparticular account) can automatically trigger logging in the secondaccount A 220 a.

At 350 b, the first server 120 connects to the second server 130 usingthe account identifier and administrative credentials associated withthe first server 120. Given that the account identifier (e.g., theusername, account name, account number, or the like) is stored andmapped to the first account A 210 a, the first server 120 uses theaccount identifier to identify the second account A 220 a whencommunicating with the second server 130. The first sever 120 uses theadministrative credentials instead of using the password, biometricinformation, or other mechanisms of authentication that involve userinput. Thus, the first server 120 can allow the user 101 to access theservices commensurate with the second account 220 a without promptingthe user device 110 for the second login credentials. The request fromthe user device 110 is tunneled to the second server 130 by the firstserver 120.

In other words, responsive to receiving user selection selecting theuser interactive element 510 c, the first server 120 automatically sendsto the second server 130 an authentication request. The authenticationrequest includes the account identifier (identifying the second accountA 220 a) and administrative credentials associated with the first server120.

After authentication by the second server 130 using the administrativecredentials of the first server 120, services commensurate with thesecond account A 220 a can be tunneled to the user device 110 by aweb-based interface or a web-based application provided by the firstserver 120 in some arrangements. In other words, the first server 120can relay data (e.g., user requests and user inputs) originating fromthe user device 110 to the second server 130. The first server 120 canalso relay data (e.g., the second account information A 224 a)originating from the second server 130 to the user device 110. In otherarrangements, after authentication by the second server 130 using theadministrative credentials of the first server 120, servicescommensurate with the second account A 220 a can be directly provided bya web-based interface or a web-based application provided by the secondserver 130.

FIG. 3C is a flow diagram illustrating a method 300 c for the firstserver 120 (FIG. 1 ) to associate a first account (e.g., the firstaccount A 210 a of FIG. 2 ) hosted by the first server 120 and a secondaccount (e.g., the second account A 220 a of FIG. 2 ) hosted by thesecond server 130 (FIG. 1 ) according to some arrangements. Referring toFIGS. 1-3C and 5A-5C, each of blocks 310 c-350 c corresponds to one ormore of blocks 310 a-380 a and/or 310 b-350 b.

At 310 c, the first server 120 authenticates first login credentialsassociated with the first account A 210 a. The first login credentialsare received from the user device 110. At 320 c, the first server 120receives second login credentials associated with the second account A220 a from the user device 110. The first server 120 receives the secondlogin credentials after the first login credentials are authenticated bythe first server 120. Illustrating with a non-limiting example, thefirst server 120 can receive second login credentials associated withthe second account A 220 a from the user device 110 via the interactiveinterfaces 500 a and 500 b.

At 330 c, the first server 120 sends the second login credentials to thesecond server 130 for authentication. If the second server 130authenticates the second login credentials, the first server 120receives an authentication success message from the second server 130.In response to determining that the second login credentials areauthenticated by the second server 130, the first server 120 associatesthe first account A 210 a with the second account A 220 a at 340 c. Inparticular, the second login credentials include the account identifierthat identifies the second account A 210 a. Associating the firstaccount A 210 a with the second account A 220 a includes storing theaccount identifier and storing mapping information that maps the firstaccount A 210 a to the account identifier.

At 350 c, the first server 120 connects to the second server 130 toallow the user device 110 to access the services commensurate with thesecond account A 220 a without prompting the user device 110 for thesecond login credentials. In some arrangements, the first server 120requests services commensurate with the second account A 220 a on behalfof the user device 110 by logging into the second account A 220 a usingadministrative credentials associated with the first server 120. In somearrangements, the first server 120 sends to the second server 130 anauthentication request that includes the account identifier andadministrative credentials associated with the first sever 120. Thus,the first server 120 does not need to prompt the user device 110 for thesecond login credentials for authentication.

FIG. 4A is a flow diagram illustrating a method 400 a for the secondserver 130 (FIG. 1 ) to associate a first account (e.g., the firstaccount A 210 a of FIG. 2 ) hosted by the first server 120 with a secondaccount (e.g., the second account A 220 a of FIG. 2 ) hosted by thesecond server 130 (FIG. 1 ) according to some arrangements. Referring toFIGS. 1-4A, the second server 130 receives an authentication requestfrom the first server 120 relative to the second login credentialsassociated with the second account A 220 a, at 410 a. The authenticationrequest includes second login credentials that the first server 120receives from the user device 110.

At 420 a, the second server 130 determines whether the second logincredentials received from the first server 120 are authenticated. Forexample, the processing circuit 131 compares the second logincredentials received from the first server 120 to the login credentials222 a-222 n stored in the second account database 138 to determinewhether a match exists. If a match exists, the second server 130authenticates the second login credentials. On the other hand, if amatch does not exist, the second server 130 fails to authenticate thesecond login credentials.

Thus, in response to determining that the second login credentials arenot authenticated (420 a:NO), the second server 130 sends anauthentication failure message to the first server 120 at 430 a. On theother hand, in response to determining that the second login credentialsare authenticated (420 a:YES), the second server 130 sends anauthentication success message to the first server 120 at 440 a. Thesecond server 130 flags the second account A 220 a at 450 a. Block 450 acan be executed responsive to 420 a:YES or responsive to completion ofblock 440 a.

Flagging the second account A 220 a includes, for example, storing anindicator with the second account A 220 a in the second account database138, toggling a value associated with the second account A 220 a, or thelike, to indicate that the second account A 220 a is associated with anaccount (e.g., the first account A 210 a) hosted by the first accountdatabase 128. Once flagged, the user device 110 can no longer directlyaccess the second account A 220 a by providing the second logincredentials (associated with the user 101) to be authenticated by thesecond server 130. In other words, once flagged, the second server 130does not accept direct login attempts from the user device 110 for thesecond account A 220 a.

FIG. 4B is a flow diagram illustrating a method 400 b for the secondserver 130 (FIG. 1 ) to facilitate the first server 120 (FIG. 1 ) to login a second account (e.g., the second account A 220 a of FIG. 2 ) hostedby the second server 130 according to some arrangements. Referring toFIGS. 1-4B, the second server 130 receives a request to access servicescommensurate with the second account A 220 a identified by the accountidentifier at 410 b. The second server 130 identifies the second accountA 220 a using the account identifier that is included in the request.

At 420 b, the second server 130 determines whether the second account A220 a has been flagged. For example, the second server 130 determineswhether there is a flag, an indicator, or a toggled value that indicatesthat the second account A 220 a is associated with an account hosted bythe first server 120. In response to determining that the second accountA 220 a is not flagged (420 b:NO), the second server 130 authorizesaccess to the second account A 220 a based on the second logincredentials A 222 a. That is, the second server 130 allows direct loginfrom the user device 110, on which the user 101 inputs second logincredentials that is the same as the second login credentials A 222 astored in the second account database 138.

On the other hand, in response to determining that the second account A220 a is flagged (420 b:YES), the second server 130 determines whetherthe request to access is from the first server 120. In somearrangements, the second server 130 can determine that the request toaccess is from the first server 120 in response to determining that therequest to access originates from the first server 120 (e.g., anassociated address of origin, such as an IP address, is the same as thatof the first server 120) at 440 b. In some arrangements, the secondserver 130 can determine that the request to access is from the firstserver 120 in response to determining that the request to accesscontains administrative credentials associated with the first server 120(instead of credentials associated with the user 101, such as thepassword or biometric information of the user 101).

Responsive to determining that the request to access is not from thefirst server 120 (440 b:NO), the second server 130 denies access at 460b. In other words, unless the request to access contains theadministrative credentials associated with the first server 120, thesecond server 130 denies access, even as the request to access containssecond login credentials that are the same as the second logincredentials A 222 a (e.g., even as the request to access originates fromthe user device 110).

On the other hand, responsive to determining that the request to accessis from the first server 120 (440 b:YES), the second server 130authorizes access to the second account A 220 a based on the accountidentifier and the administrative credentials associated with the firstserver 120. The second server 130 can provide access to the secondaccount information A 224 a directly to the user device 110 by providinga web-based interface or a web-based application in some arrangements.In other arrangements, the second server 130 can provide access to thesecond account information A 224 a indirectly to the user device 110through the first server 120 in the manner described.

FIG. 4C is a flow diagram illustrating a method 400 c for the secondserver 130 (FIG. 1 ) to associate a first account (e.g., the firstaccount A 210 a of FIG. 2 ) hosted by the first server 120 with a secondaccount (e.g., the second account A 220 a of FIG. 2 ) hosted by thesecond server 130 (FIG. 1 ) according to some arrangements. Referring toFIGS. 1-4C, each of blocks 410 c-440 c corresponds to one or more ofblocks 410 a-450 a and/or 410 b-460 b.

At 410 c, the second server 130 receives an authentication request fromthe first server 120 relative to second login credentials associatedwith the second account A 220 a. The first server 120 received thesecond login credentials from the user device 110 and relays the secondlogin credentials to the second server 130 for authentication.

At 420 c, the second server 130 authenticates the second logincredentials with respect to the second account A 220 a. In somearrangements, responsive to authenticating the second login credentials,the second server 130 flags the second account A 220 a at 430 c.

At 440 c, the second sever 130 authorizes access to the second account A220 a in response to receiving account identifier identifying the secondaccount A 220 a and administrative credentials associated with the firstserver 120.

In some arrangements, the second server 130 receives a secondauthentication request from a device other than the first server(without proper administrative credentials associated with the firstserver 120). In response, the second server 130 denies the secondauthentication request as the second account A 220 a is flagged.

The arrangements described herein have been described with reference todrawings. The drawings illustrate certain details of specificarrangements that implement the systems, methods and programs describedherein. However, describing the arrangements with drawings should not beconstrued as imposing on the disclosure any limitations that may bepresent in the drawings.

It should be understood that no claim element herein is to be construedunder the provisions of 35 U.S.C. § 112(f), unless the element isexpressly recited using the phrase “means for.”

As used herein, the term “circuit” may include hardware structured toexecute the functions described herein. In some arrangements, eachrespective “circuit” may include machine-readable media for configuringthe hardware to execute the functions described herein. The circuit maybe embodied as one or more circuitry components including, but notlimited to, processing circuitry, network interfaces, peripheraldevices, input devices, output devices, sensors, etc. In somearrangements, a circuit may take the form of one or more analogcircuits, electronic circuits (e.g., integrated circuits (IC), discretecircuits, system on a chip (SOCs) circuits, etc.), telecommunicationcircuits, hybrid circuits, and any other type of “circuit.” In thisregard, the “circuit” may include any type of component foraccomplishing or facilitating achievement of the operations describedherein. For example, a circuit as described herein may include one ormore transistors, logic gates (e.g., NAND, AND, NOR, OR, XOR, NOT, XNOR,etc.), resistors, multiplexers, registers, capacitors, inductors,diodes, wiring, and so on).

The “circuit” may also include one or more processors communicativelycoupled to one or more memory or memory devices. In this regard, the oneor more processors may execute instructions stored in the memory or mayexecute instructions otherwise accessible to the one or more processors.In some arrangements, the one or more processors may be embodied invarious ways. The one or more processors may be constructed in a mannersufficient to perform at least the operations described herein. In somearrangements, the one or more processors may be shared by multiplecircuits (e.g., circuit A and circuit B may comprise or otherwise sharethe same processor which, in some example arrangements, may executeinstructions stored, or otherwise accessed, via different areas ofmemory). Alternatively or additionally, the one or more processors maybe structured to perform or otherwise execute certain operationsindependent of one or more co-processors. In other example arrangements,two or more processors may be coupled via a bus to enable independent,parallel, pipelined, or multi-threaded instruction execution. Eachprocessor may be implemented as one or more general-purpose processors,ASICs, FPGAs, DSPs, or other suitable electronic data processingcomponents structured to execute instructions provided by memory. Theone or more processors may take the form of a single core processor,multi-core processor (e.g., a dual core processor, triple coreprocessor, quad core processor, etc.), microprocessor, etc. In somearrangements, the one or more processors may be external to theapparatus, for example the one or more processors may be a remoteprocessor (e.g., a cloud based processor). Alternatively oradditionally, the one or more processors may be internal and/or local tothe apparatus. In this regard, a given circuit or components thereof maybe disposed locally (e.g., as part of a local server, a local computingsystem, etc.) or remotely (e.g., as part of a remote server such as acloud based server). To that end, a “circuit” as described herein mayinclude components that are distributed across one or more locations.

An exemplary system for implementing the overall system or portions ofthe arrangements might include a general purpose computing computers inthe form of computers, including a processing unit, a system memory, anda system bus that couples various system components including the systemmemory to the processing unit. Each memory device may includenon-transient volatile storage media, non-volatile storage media,non-transitory storage media (e.g., one or more volatile and/ornon-volatile memories), etc. In some arrangements, the non-volatilemedia may take the form of ROM, flash memory (e.g., flash memory such asNAND, 3D NAND, NOR, 3D NOR, etc.), EEPROM, MRAM, magnetic storage, harddiscs, optical discs, etc. In other arrangements, the volatile storagemedia may take the form of RAM, TRAM, ZRAM, etc. Combinations of theabove are also included within the scope of machine-readable media. Inthis regard, machine-executable instructions comprise, for example,instructions and data which cause a general purpose computer, specialpurpose computer, or special purpose processing machines to perform acertain function or group of functions. Each respective memory devicemay be operable to maintain or otherwise store information relating tothe operations performed by one or more associated circuits, includingprocessor instructions and related data (e.g., database components,object code components, script components, etc.), in accordance with theexample arrangements described herein.

It should also be noted that the term “input devices,” as describedherein, may include any type of input device including, but not limitedto, a keyboard, a keypad, a mouse, joystick or other input devicesperforming a similar function. Comparatively, the term “output device,”as described herein, may include any type of output device including,but not limited to, a computer monitor, printer, facsimile machine, orother output devices performing a similar function.

It should be noted that although the diagrams herein may show a specificorder and composition of method steps, it is understood that the orderof these steps may differ from what is depicted. For example, two ormore steps may be performed concurrently or with partial concurrence.Also, some method steps that are performed as discrete steps may becombined, steps being performed as a combined step may be separated intodiscrete steps, the sequence of certain processes may be reversed orotherwise varied, and the nature or number of discrete processes may bealtered or varied. The order or sequence of any element or apparatus maybe varied or substituted according to alternative arrangements.Accordingly, all such modifications are intended to be included withinthe scope of the present disclosure as defined in the appended claims.Such variations will depend on the machine-readable media and hardwaresystems chosen and on designer choice. It is understood that all suchvariations are within the scope of the disclosure. Likewise, softwareand web implementations of the present disclosure could be accomplishedwith standard programming techniques with rule based logic and otherlogic to accomplish the various database searching steps, correlationsteps, comparison steps and decision steps.

The foregoing description of arrangements has been presented forpurposes of illustration and description. It is not intended to beexhaustive or to limit the disclosure to the precise form disclosed, andmodifications and variations are possible in light of the aboveteachings or may be acquired from this disclosure. The arrangements werechosen and described in order to explain the principals of thedisclosure and its practical application to enable one skilled in theart to utilize the various arrangements and with various modificationsas are suited to the particular use contemplated. Other substitutions,modifications, changes and omissions may be made in the design,operating conditions and arrangement of the arrangements withoutdeparting from the scope of the present disclosure as expressed in theappended claims.

What is claimed is:
 1. A method for associating a first account with asecond account, the first account being hosted by a first server, thesecond account being hosted by a second server, the method comprising:receiving, by the second server, an authentication request from thefirst server relative to second login credentials associated with thesecond account; authenticating, by the second server, the second logincredentials, the second login credentials comprising an accountidentifier that identifies the second account; flagging, by the secondserver, the second account; and authorizing access, by the secondserver, to the second account in response to receiving the accountidentifier identifying the second account and administrator'scredentials associated with the first server, wherein the first accountand the second account are associated by storing the account identifierand storing mapping information that maps the first account to theaccount identifier, and wherein authorizing access to the second accountcomprises sending, by the first server to the second server, anauthentication request comprising the account identifier andadministrative credentials associated with the first server.
 2. Themethod of claim 1, further comprising: receiving, by the second server,a second authentication request from a device other than the firstserver to access the second account after the second account has beenflagged; and denying the second authentication request.
 3. The method ofclaim 1, further comprising; receiving, by the second server, anauthentication request from a user device to access the second accountafter flagging the second account, wherein the authentication requestcomprises the second login credentials; and denying the authenticationrequest.
 4. The method of claim 1, wherein services commensurate withthe second account comprise content delivery network (CDN) services fora user of the user device.
 5. The method of claim 1, wherein the accountidentifier is at least one of a username, an account name, or an accountnumber.
 6. A second server for associating a first account with a secondaccount, the first account being hosted by a first server, the secondaccount being hosted by the second server, comprising: a network device;a memory; and a processor configured to: receive an authenticationrequest from the first server relative to second login credentialsassociated with the second account, the second login credentialscomprising an account identifier that identifies the second account;authenticate the second login credentials; flag the second account; andauthorize access to the second account in response to receiving theaccount identifier identifying the second account and administrator'scredentials associated with the first server, wherein the first accountand the second account are associated by storing the account identifierand storing mapping information that maps the first account to theaccount identifier, and wherein authorizing access to the second accountcomprises sending, by the first server to the second server, anauthentication request comprising the account identifier andadministrative credentials associated with the first server.
 7. Thesecond server of claim 6, wherein the processor is further configuredto: receive a second authentication request from a device other than thefirst server to access the second account after the second account hasbeen flagged; and deny the second authentication request.
 8. The secondserver of claim 6, wherein the processor is further configured to:receive an authentication request from a user device to access thesecond account after flagging the second account, wherein theauthentication request comprises the second login credentials; and denythe authentication request.
 9. The second server of claim 6, whereinservices commensurate with the second account comprise content deliverynetwork (CDN) services for a user of the user device.
 10. Anon-transitory computer-readable medium comprising computer-readableinstructions for associating a first account with a second account, thefirst account being hosted by a first server, the second account beinghosted by a second server, when executed, cause a processor of thesecond server to: receive an authentication request from the firstserver relative to second login credentials associated with the secondaccount, the second login credentials comprising an account identifierthat identifies the second account; authenticate the second logincredentials; flag the second account; and authorize access to the secondaccount in response to receiving the account identifier identifying thesecond account and administrator's credentials associated with the firstserver, wherein the first account and the second account are associatedby storing the account identifier and storing mapping information thatmaps the first account to the account identifier, and whereinauthorizing access to the second account comprises sending, by the firstserver to the second server, an authentication request comprising theaccount identifier and administrative credentials associated with thefirst server.
 11. The non-transitory computer-readable medium of claim10, wherein the processor is further configured to: receive a secondauthentication request from a device other than the first server toaccess the second account after the second account has been flagged; anddeny the second authentication request.
 12. The non-transitorycomputer-readable medium of claim 10, wherein the processor is furtherconfigured to: receive an authentication request from a user device toaccess the second account after flagging the second account, wherein theauthentication request comprises the second login credentials; and denythe authentication request.
 13. The non-transitory computer-readablemedium of claim 10, wherein services commensurate with the secondaccount comprise content delivery network (CDN) services for a user ofthe user device.
 14. The non-transitory computer-readable medium ofclaim 10, wherein the account identifier is at least one of a username,an account name, or an account number.